Computer systems are used by individuals and organizations to store and process sensitive information such as confidential business documents, medical records, and financial account details. Unauthorized parties, commonly referred to as “hackers,” attempt to gain access to this information for various reasons. As a result, information security is a top concern for many organizations and individuals today.
Hardware-based approaches to strengthening information security have gained popularity. For example, a semiconductor authentication integrated circuit chip can implement sophisticated security protocols entirely on-die. Compared to software products, hardware at the semiconductor integrated circuit level is usually less exposed to software-borne attacks by hackers, such as Trojan malware. Nevertheless, integrated circuit chips are not free of weaknesses and have their own intrinsic vulnerabilities.
One vulnerability of a security-focused integrated circuit chip is its test port, which is incorporated into the integrated circuit according to design-for-test (DFT) principles. One example of a test port is a test access port (TAP) interface according to the IEEE 1149.1 (JTAG) standard. These test ports are needed during integrated circuit manufacturing to screen out process defects and to confirm that the chips are fully functional before they ship to customers; because manufacturing test depends on them, they cannot simply be omitted from the design and must instead be disabled or access-controlled once the device leaves the factory. If not properly protected, the test port can be used by hackers as an interface to extract information from the IC chip, such as secret keys and other private data. That information can then be used, for example, to develop a method for unauthorized access to other information systems that rely on the same authentication protocol.
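The following Python model is an added example, not part of the original text and not a description of any particular product. It implements the standard IEEE 1149.1 TAP controller state machine and a small scan chain, then shows what the paragraph above describes: with a debug instruction that captures an on-die key into the scan chain, anyone who can clock TMS/TDI/TDO reads the key out, whereas a capture gate that returns zeros until the port is unlocked stops the read. The opcodes, register widths, IDCODE, key value and unlock token are all constructed for illustration.

```python
# Bit-level model of an IEEE 1149.1 (JTAG) TAP controller and scan chain,
# showing how an unprotected debug register hands an on-die secret to whoever
# holds the test port, and how a capture gate closes that path.  Constructed
# example: opcodes, widths, IDCODE, key and unlock token are assumptions only.

# 16-state TAP controller: state -> (next state on TMS=0, next state on TMS=1)
TAP_NEXT = {
    "TLR": ("RTI", "TLR"),                "RTI": ("RTI", "SEL_DR"),
    "SEL_DR": ("CAP_DR", "SEL_IR"),       "CAP_DR": ("SHIFT_DR", "EXIT1_DR"),
    "SHIFT_DR": ("SHIFT_DR", "EXIT1_DR"), "EXIT1_DR": ("PAUSE_DR", "UPD_DR"),
    "PAUSE_DR": ("PAUSE_DR", "EXIT2_DR"), "EXIT2_DR": ("SHIFT_DR", "UPD_DR"),
    "UPD_DR": ("RTI", "SEL_DR"),          "SEL_IR": ("CAP_IR", "TLR"),
    "CAP_IR": ("SHIFT_IR", "EXIT1_IR"),   "SHIFT_IR": ("SHIFT_IR", "EXIT1_IR"),
    "EXIT1_IR": ("PAUSE_IR", "UPD_IR"),   "PAUSE_IR": ("PAUSE_IR", "EXIT2_IR"),
    "EXIT2_IR": ("SHIFT_IR", "UPD_IR"),   "UPD_IR": ("RTI", "SEL_DR"),
}

IR_LEN = 4
IDCODE, BYPASS, KEYREG, UNLOCK = 0x1, 0xF, 0x2, 0x3   # hypothetical opcodes
ID_VALUE = 0x0BADC0DF        # hypothetical 32-bit IDCODE (bit 0 must be 1)
UNLOCK_TOKEN = 0x5A5A1234    # hypothetical debug-unlock value

def _bits(value, n):         # LSB first: bit 0 is the first to appear on TDO
    return [(value >> i) & 1 for i in range(n)]

def _int(bits):
    return sum(b << i for i, b in enumerate(bits))

class Chip:
    def __init__(self, key, gate_debug):
        self.key = key                 # 32-bit secret held on-die (constructed)
        self.gate_debug = gate_debug   # True: KEYREG capture masked until unlocked
        self.state = "TLR"
        self.ir = IDCODE               # Test-Logic-Reset selects IDCODE
        self.shift = [0]

    def _dr_capture(self):
        # Value the selected data register loads into the chain in Capture-DR.
        if self.ir == IDCODE:
            return _bits(ID_VALUE, 32)
        if self.ir == UNLOCK:
            return [0] * 32
        if self.ir == KEYREG:          # unprotected: key goes straight into the
            return _bits(0 if self.gate_debug else self.key, 32)  # chain; gated: 0
        return [0]                     # BYPASS and unknown opcodes: 1-bit register

    def clock(self, tms, tdi=0):
        """One TCK cycle: act in the current state, then move on TMS. Returns TDO."""
        tdo = 0
        if self.state == "TLR":
            self.ir = IDCODE
        elif self.state == "CAP_IR":
            self.shift = _bits(0b01, IR_LEN)   # 1149.1: IR capture ends in ...01
        elif self.state == "CAP_DR":
            self.shift = self._dr_capture()
        elif self.state in ("SHIFT_IR", "SHIFT_DR"):
            tdo, self.shift = self.shift[0], self.shift[1:] + [tdi]
        elif self.state == "UPD_IR":
            self.ir = _int(self.shift)
        elif self.state == "UPD_DR" and self.ir == UNLOCK:
            self.gate_debug = self.gate_debug and _int(self.shift) != UNLOCK_TOKEN
        self.state = TAP_NEXT[self.state][tms]
        return tdo

def reset(chip):                       # 5 x TMS=1 reaches TLR from any state
    for _ in range(5):
        chip.clock(1)
    chip.clock(0)                      # TLR -> RTI

def _shift(chip, bits):                # TMS=1 on the last bit leaves Shift-*
    return [chip.clock(1 if i == len(bits) - 1 else 0, b) for i, b in enumerate(bits)]

def load_ir(chip, opcode):
    for tms in (1, 1, 0, 0):           # RTI > SEL_DR > SEL_IR > CAP_IR > SHIFT_IR
        chip.clock(tms)
    _shift(chip, _bits(opcode, IR_LEN))  # ends in EXIT1_IR
    chip.clock(1)                      # > UPD_IR
    chip.clock(0)                      # IR latched > RTI

def scan_dr(chip, n, tdi_bits=None):
    # Capture the selected DR, shift n bits out (tdi_bits in), update, back to RTI.
    for tms in (1, 0, 0):              # RTI > SEL_DR > CAP_DR > SHIFT_DR
        chip.clock(tms)
    out = _shift(chip, tdi_bits or [0] * n)
    chip.clock(1)                      # EXIT1_DR > UPD_DR
    chip.clock(0)                      # DR updated > RTI
    return _int(out)

def read_idcode(chip):
    reset(chip)                        # reset selects IDCODE; no IR load needed
    return scan_dr(chip, 32)

def dump_key_register(chip):           # what an attacker on the port would do
    reset(chip)
    load_ir(chip, KEYREG)
    return scan_dr(chip, 32)

def unlock_debug(chip, token):
    reset(chip)
    load_ir(chip, UNLOCK)
    scan_dr(chip, 32, _bits(token, 32))
```

Run against `Chip(key, gate_debug=False)`, `dump_key_register` returns the key after one IR load and one 32-bit DR scan; against `Chip(key, gate_debug=True)` it returns zero until the correct token has been shifted through the UNLOCK register. The gate sits on the capture mux rather than on TDO, so a locked chip never even loads the secret into the scan flops. A plaintext token shifted over the same port, as modelled here, is only a stand-in: it can be observed on the bus or brute-forced, and a production design would disable the debug path permanently with a fuse or release it only through a challenge-response protocol bound to a device key.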